CSO Online

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

Attackers abused a signed but long-revoked EnCase Windows kernel driver in a BYOVD attack to terminate all security tools.
Threat Post

Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change

Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft. The vulnerabilities addressed in this month’s Patch Tuesday ...

EDR killer tool uses signed kernel driver from forensic software

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in ...
ZDNet

Intel searches for Windows kernel-mode vulnerabilities, finds little to write home about

If hackers were able to exploit a vulnerability in a kernel mode driver for any operating system, they'd essentially end up with control of the entire system. But, according to a story by News.com's ...
Hosted on MSN

Windows 11's driver signature requirement is one of the best anti-consumer security features out there

Windows 11, the most-used consumer desktop operating system in the world, undoubtedly has its problems. Yet, despite those problems, it's the most refined version of the company's operating system, ...
Ars Technica

User Mode application and Kernel mode driver

I have planned to develop a windows security application to prevent malicious code attacks. The solution has user-mode application which will communicate with kernel mode driver for preprocessing ...